BeyondTrust is a place where you can bring your purpose to life through the work that you do, creating a safer world through our cybersecurity SaaS portfolio.

Our culture of flexibility, trust, and continual learning means you will be recognized for your growth, and for the impact you make on our success. You will be surrounded by people who challenge, support, and inspire you to be the best version of yourself.

The Role

BeyondTrust is a global leader in privileged access management. Our products provide remote access and privileged control capabilities that are deployed across thousands of enterprise environments worldwide. That makes us a high-value target. Nation-state actors, ransomware operators, and sophisticated threat groups actively target companies like ours—not just to compromise our corporate environment, but to reach the customers who trust our software to protect their most sensitive systems. A compromise of BeyondTrust is a compromise of the privileged access layer inside our customers’ networks. We take that responsibility seriously.

As a SOC Analyst on our Cyber Defense Operations team, you will serve as a front-line defender responsible for protecting both BeyondTrust’s enterprise infrastructure and the integrity of the products our customers depend on. You will monitor, investigate, and respond to security events in an environment where the stakes are real and the adversaries are capable. You will work alongside experienced threat hunters, incident responders, and detection engineers in a collaborative team that values sharp analytical thinking over checkbox compliance.

This team is building toward an AI-augmented operating model. You will be expected to use AI-driven tools in your daily work and to contribute to how we integrate these capabilities into our detection, triage, and response workflows. We are not looking for people who are waiting to be told what to do—we are looking for people who want to build something.

What You’ll Do

Alert Triage & Monitoring 

• Monitor and triage security alerts across SIEM, EDR, and CSPM platforms covering both corporate and product environments.
• Investigate alerts to determine scope, severity, and whether escalation is warranted.
• Leverage AI-assisted triage and enrichment tools to accelerate analysis and reduce mean time to detect.
• Classify, document, and track alerts through the full lifecycle using ticketing and case management systems.

Incident Response & Investigation 

• Participate in or lead incident response engagements from detection through remediation, including evidence collection, forensic analysis, root cause determination, and stakeholder communication.
• Conduct investigations across SIEM, EDR, CSPM, and cloud-native log sources including identity provider logs, cloud audit trails, and network flow data—spanning both corporate and product infrastructure.
• Execute established IR runbooks across identity, endpoint, cloud, and email investigation workflows.
• Manage or assist with evidence handling, forensic artifact collection, and chain-of-custody procedures.
• Produce clear, decision-ready incident summaries and post-incident reports for both technical and leadership audiences.

Detection Engineering & Threat Intelligence 

• Contribute to the design, implementation, and tuning of detection rules across SIEM and EDR platforms, with a focus on reducing false positives and closing coverage gaps.
• Translate threat intelligence (CVE advisories, CISA alerts, vendor bulletins, open-source feeds) into actionable detection content, with particular attention to threats targeting privileged access tooling and supply chain attack vectors.
• Help maintain and evolve detection coverage mapped to MITRE ATT&CK.
• Partner with threat hunting peers to validate detection logic through hypothesis-driven hunts.

AI Integration & Automation 

• Use AI-driven tools for alert triage, enrichment, and investigation as a standard part of daily operations.
• Contribute to the evaluation, integration, and optimization of AI and automation capabilities across the team’s workflows.
• Assist in designing prompts, agent workflows, or LLM-based pipelines that augment analyst capabilities and reduce manual effort.
• Partner with engineering teams to improve log ingestion, data quality, and tool integrations.

Operational Excellence 

• Maintain daily operational notes and shift handoff documentation.
• Contribute to and refine IR runbooks, playbooks, and standard operating procedures.
• Participate in on-call rotation for after-hours incident escalation.
• Track and report on operational metrics (MTTD, MTTR, MTTC, false positive rate) and identify improvement opportunities.
• Participate in tabletop exercises, purple team activities, and post-incident reviews. 

What You’ll Bring

• 2+ years of experience in a SOC, security operations, or incident response role.
• Understanding of common attack frameworks (MITRE ATT&CK), network protocols, and endpoint behavior.
• Experience with at least one SIEM platform and familiarity with writing search or detection queries.
• Familiarity with EDR platforms and cloud environments (IaaS preferred).
• Comfort using AI systems (e.g., LLM-based assistants, copilots, or AI-driven analysis tools) as part of security workflows.
• Strong written communication skills; able to document findings clearly and concisely for both technical and non-technical audiences.

Nice To Have

• Experience leading or co-leading complex incident response engagements from triage through remediation.
• Experience with identity and access management platforms and cloud security posture management tools.
• Scripting and automation skills (Python, PowerShell, or equivalent) applied to security workflows.
• Familiarity with SOAR platforms or orchestration tools for automated response and enrichment.
• Experience designing or implementing AI agent architectures, LLM-based automation pipelines, or prompt engineering for security use cases.
• Experience building or contributing to threat intelligence programs or detection-as-code pipelines.
• Understanding of the privileged access management landscape and the threat actors that target it.
• Track record of evaluating and adopting emerging technologies in a production security environment.

Better Together

Diversity. Inclusion. They’re more than just words for us. They are the guiding values of how we build our teams, cultivate leaders, and create a culture where people feel connected.

We take care of our employees so they can take care of our customers. Customers who come from all walks of life just like us. We hire incredible people from diverse backgrounds because when we are different together, we are stronger together.

About Us

BeyondTrust is the global identity security leader protecting Paths to Privilege™. Our identity-centric approach goes beyond securing privileges and access, empowering organizations with the most effective solution to manage the entire identity attack surface and neutralize threats, whether from external attacks or insiders.

BeyondTrust is leading the charge in transforming identity security to prevent breaches and limit the blast radius of attacks, while creating a superior customer experience and operational efficiencies. We are trusted by 20,000 customers, including 75 of the Fortune 100, and our global ecosystem of partners.

Learn more at www.beyondtrust.com. 

#LI-DF1

BeyondTrust is a place where you can bring your purpose to life through the work that you do, creating a safer world through our cybersecurity SaaS portfolio.

Our culture of flexibility, trust, and continual learning means you will be recognized for your growth, and for the impact you make on our success. You will be surrounded by people who challenge, support, and inspire you to be the best version of yourself.

The Role

BeyondTrust is a global leader in privileged access management. Our products provide remote access and privileged control capabilities that are deployed across thousands of enterprise environments worldwide. That makes us a high-value target. Nation-state actors, ransomware operators, and sophisticated threat groups actively target companies like ours—not just to compromise our corporate environment, but to reach the customers who trust our software to protect their most sensitive systems. A compromise of BeyondTrust is a compromise of the privileged access layer inside our customers’ networks. We take that responsibility seriously.

As a SOC Analyst on our Cyber Defense Operations team, you will serve as a front-line defender responsible for protecting both BeyondTrust’s enterprise infrastructure and the integrity of the products our customers depend on. You will monitor, investigate, and respond to security events in an environment where the stakes are real and the adversaries are capable. You will work alongside experienced threat hunters, incident responders, and detection engineers in a collaborative team that values sharp analytical thinking over checkbox compliance.

This team is building toward an AI-augmented operating model. You will be expected to use AI-driven tools in your daily work and to contribute to how we integrate these capabilities into our detection, triage, and response workflows. We are not looking for people who are waiting to be told what to do—we are looking for people who want to build something.

What You’ll Do

Alert Triage & Monitoring 

• Monitor and triage security alerts across SIEM, EDR, and CSPM platforms covering both corporate and product environments.
• Investigate alerts to determine scope, severity, and whether escalation is warranted.
• Leverage AI-assisted triage and enrichment tools to accelerate analysis and reduce mean time to detect.
• Classify, document, and track alerts through the full lifecycle using ticketing and case management systems.

Incident Response & Investigation 

• Participate in or lead incident response engagements from detection through remediation, including evidence collection, forensic analysis, root cause determination, and stakeholder communication.
• Conduct investigations across SIEM, EDR, CSPM, and cloud-native log sources including identity provider logs, cloud audit trails, and network flow data—spanning both corporate and product infrastructure.
• Execute established IR runbooks across identity, endpoint, cloud, and email investigation workflows.
• Manage or assist with evidence handling, forensic artifact collection, and chain-of-custody procedures.
• Produce clear, decision-ready incident summaries and post-incident reports for both technical and leadership audiences.

Detection Engineering & Threat Intelligence 

• Contribute to the design, implementation, and tuning of detection rules across SIEM and EDR platforms, with a focus on reducing false positives and closing coverage gaps.
• Translate threat intelligence (CVE advisories, CISA alerts, vendor bulletins, open-source feeds) into actionable detection content, with particular attention to threats targeting privileged access tooling and supply chain attack vectors.
• Help maintain and evolve detection coverage mapped to MITRE ATT&CK.
• Partner with threat hunting peers to validate detection logic through hypothesis-driven hunts.

AI Integration & Automation 

• Use AI-driven tools for alert triage, enrichment, and investigation as a standard part of daily operations.
• Contribute to the evaluation, integration, and optimization of AI and automation capabilities across the team’s workflows.
• Assist in designing prompts, agent workflows, or LLM-based pipelines that augment analyst capabilities and reduce manual effort.
• Partner with engineering teams to improve log ingestion, data quality, and tool integrations.

Operational Excellence 

• Maintain daily operational notes and shift handoff documentation.
• Contribute to and refine IR runbooks, playbooks, and standard operating procedures.
• Participate in on-call rotation for after-hours incident escalation.
• Track and report on operational metrics (MTTD, MTTR, MTTC, false positive rate) and identify improvement opportunities.
• Participate in tabletop exercises, purple team activities, and post-incident reviews. 

What You’ll Bring

• 2+ years of experience in a SOC, security operations, or incident response role.
• Understanding of common attack frameworks (MITRE ATT&CK), network protocols, and endpoint behavior.
• Experience with at least one SIEM platform and familiarity with writing search or detection queries.
• Familiarity with EDR platforms and cloud environments (IaaS preferred).
• Comfort using AI systems (e.g., LLM-based assistants, copilots, or AI-driven analysis tools) as part of security workflows.
• Strong written communication skills; able to document findings clearly and concisely for both technical and non-technical audiences.

Nice To Have

• Experience leading or co-leading complex incident response engagements from triage through remediation.
• Experience with identity and access management platforms and cloud security posture management tools.
• Scripting and automation skills (Python, PowerShell, or equivalent) applied to security workflows.
• Familiarity with SOAR platforms or orchestration tools for automated response and enrichment.
• Experience designing or implementing AI agent architectures, LLM-based automation pipelines, or prompt engineering for security use cases.
• Experience building or contributing to threat intelligence programs or detection-as-code pipelines.
• Understanding of the privileged access management landscape and the threat actors that target it.
• Track record of evaluating and adopting emerging technologies in a production security environment.

Better Together

Diversity. Inclusion. They’re more than just words for us. They are the guiding values of how we build our teams, cultivate leaders, and create a culture where people feel connected.

We take care of our employees so they can take care of our customers. Customers who come from all walks of life just like us. We hire incredible people from diverse backgrounds because when we are different together, we are stronger together.

About Us

BeyondTrust is the global identity security leader protecting Paths to Privilege™. Our identity-centric approach goes beyond securing privileges and access, empowering organizations with the most effective solution to manage the entire identity attack surface and neutralize threats, whether from external attacks or insiders.

BeyondTrust is leading the charge in transforming identity security to prevent breaches and limit the blast radius of attacks, while creating a superior customer experience and operational efficiencies. We are trusted by 20,000 customers, including 75 of the Fortune 100, and our global ecosystem of partners.

Learn more at www.beyondtrust.com. 

#LI-DF1

We are seeking a highly energetic and talented security analyst to join Cato Networks' Managed Detection and Response (MDR) team. As an MDR security analyst, your primary responsibility will be to identify and respond to security threats across our service customers. You will utilize the groundbreaking Cato Threat Hunting System to proactively seek out unknown threats and enhance Cato Networks hunting capabilities. Leveraging the Cato Cloud data warehouse, you will develop threat hunting technics to effectively detect and address security threats. Moreover, you will serve as a trusted advisor to our MDR service clients, providing valuable insights into their security posture and the threat landscape they face 

This position offers an exceptional opportunity for network security enthusiasts who are passionate about Network Security, Malware Analysis, Threat Hunting, and Threat Intelligence. 

Responsibilities 

• Act as a Customer Security Advisor, conducting threat-hunting activities and performing security assessments on customer networks. Effectively communicate findings, recommendations for remediation, and mitigation strategies to customers 

• Serve as an escalation point for the SOC analysts, assisting in the investigation, analysis, and response to security incidents 

• Develop cyber kill-chain indicators of an attack and hunting heuristics to enhance the ongoing threat-hunting process 

• Enhance the product accuracy and its capacity to detect emerging threats within the dynamic security landscape 

Requirements and skills 

• Proven hands-on experience in the cybersecurity industry 

• Excellent customer service skills 

• Strong knowledge of networking architecture and protocols, including TCP/IP, DNS, SSL, SMB, HTTP, IP Routing, etc. 

• Comprehensive understanding of the cybersecurity landscape, common threats, and attack scenarios, such as malware infections, command and control (C&C) communication, drive-by attacks, phishing, and network scans 

• Practical experience with security technologies, including firewalls (FW), intrusion prevention systems/intrusion detection systems (IPS/IDS), antivirus (AV), security information and event management (SIEM) systems, endpoint protection, and network forensics tools 

• Analytical mindset, capable of formulating hypotheses and validating them through in-depth analysis and technical evidence 

• Fluent in English with exceptional communication skills 

• Proficiency in at least one scripting language such as Python or Ruby 

• Advantageous: Experience with Extended Detection and Response (XDR) solutions 

• Advantageous: Previous experience working in Managed Security Service Provider (MSSP) or Managed Detection and Response (MDR) providers as a Threat Hunter or Security Analyst 

• Ability to work effectively as a team player, demonstrating responsibility and strong organizational skills 

Education 

• Advantage – BSc. in Computer Science, Information technology, Mathematics or similar 

A Product Analyst at Torq plays a key role in leveraging data to drive product decisions and improvements. By analyzing product performance, user behavior, and key metrics, they provide actionable insights to product teams and stakeholders. The Product Analyst collaborates with various teams to optimize features, set KPIs, and ensure the product is aligned with business goals through data-driven decision-making.

What You Will Do:

• Provide Data-Driven Insights: Support product teams and stakeholders with actionable insights to drive product decisions.
• Develop Reports & Dashboards: Build and maintain reports, dashboards, and alerts using BI tools.
• Analyze User & Product Data: Analyze user behavior, product performance, and usage data to track product health and optimize features.
• A/B Testing & KPI Monitoring: Own KPIs and A/B testing, monitor results, and drive product improvements.
• Optimize Funnels & Activities: Continuously analyze and optimize user funnels and product activities.
• Collaborate Cross-Functionally: Work with product managers, engineers, and other teams to inform product priorities with data.
• Data Automation: Automate data integrity and validation processes to ensure consistent and accurate reporting.
  
  

The Ideal Candidate:

• Strong communication skills to present insights clearly.
• BSc/BA in Industrial Engineering, Economics, Statistics, Business Management, or a related field.
• 4+ years in an analytical role, ideally in a SaaS or cybersecurity company.
• Proficient in SQL (complex joins, window functions).
• Strong Excel and BI tool experience (Tableau, Looker, Power BI).
• Familiarity with A/B testing, user analysis, and KPI development.
• Bonus: Experience with Amplitude, or Salesforce, and understanding of data modeling/ETL processes.

If your experience is close but doesn’t fulfill all requirements, please apply! Torq is building an outstanding company. To achieve our goals, we are focused on hiring great people with different backgrounds, perspectives, and experiences.

As an equal opportunity employer, we are committed to a team defined and empowered by diversity. We consider qualified applicants without regard to race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

By submitting your application, you acknowledge that Torq will process your personal data in accordance with Torq’s Privacy Policy.

#LI-Hybrid